Question

How to disable Restricted Area window?

Posted February 20, 2014 48.5k views
I installed WordPress following the article "One-click WordPress installation on Ubuntu 13.10". After that, I login in to Restricted Area window with username and password, which are located in /root/WORDPRESS (wp-admin/ folder is protected by Apache's .htaccess.) But now, when I visit my site this message is showing every time. On every page. How to disable it? Thanks.
Add a comment
igorkraev
By:
igorkraev
Add a comment
2 comments
  • samsbroz May 4, 2015
    Reply Report

    Thanks alot
    It is working fine for my website
    LetusQuiz.com

  • jmnativ August 15, 2015
    Reply Report

    Can anyone please translate this to something an average user could understand? I’m sorry but I do not have a background in CS and I just can’t understand what you guys are talking about. :(

    I installed a new plugin on wordpress (hosted in DigitalOcean using one-click) and I don’t really have a problem with the additional server password. But after I installed this plugin called floating social bar, the password prompt appears on every page. I’ve been told I could just add the admin ajax php on whitelist? But I really don’t understand. I tried installing putty but I feel like a monkey on a rocketship.

    Can someone please help. Thank you!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
17 answers
asb August 11, 2014

From the main tutorial, One-Click Install WordPress on Ubuntu 14.04 with DigitalOcean:

To remove the additional password prompt, you’ll need to log into your VPS instance through SSH.... Once logged in, you need to update the main Apache configuration file. Open it as root with your text editor:

nano /etc/apache2/apache2.conf

Inside, you need to find the section that deals with the “/wp-admin/” section. It should look like this

<DirectoryMatch ^.*/wp-admin/>
    AuthType Basic
    AuthName "Please login to your droplet via SSH for login details."
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</DirectoryMatch>

This entire section can be commented out by placing the “#” character before each line, like this:

#<DirectoryMatch ^.*/wp-admin/>
#    AuthType Basic
#    AuthName "Please login to your droplet via SSH for login details."
#    AuthUserFile /etc/apache2/.htpasswd
#    Require valid-user
#<DirectoryMatch>

Once this is complete, you can restart Apache for your new changes to take affect.

service apache2 restart

This should remove the additional password prompt from the administrative areas, which is usually okay since WordPress itself can handle authentication.

Reply Report
  • CTala February 5, 2015

    It seems that none of us read the tutorials :P.

    Thanks !

    Reply Report
  • gilsoninacio May 4, 2015

    I only want to leave** restricted-area** when trying to log in meusite.com/wp-login.php, can anyone help? before I was only there, but then was requesting to access any part of the blog. Thank you.

    Reply Report
  • kamaln7 May 4, 2015

    @gilsoninacio: To limit the HTTP authentication to /wp-login.php only, use the following configuration instead:

    <DirectoryMatch /var/www>
    <Files wp-login.php>
        AuthType Basic
        AuthName "Restricted Area"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Files>
</DirectoryMatch>

    Make sure you replace /var/www with the correct path to your Wordpress installation.

    Reply Report
  • mws530 June 30, 2015

    Perfect! Exactly what I needed thank you.

    Reply Report
annak February 21, 2014
Yes, wish I knew this too. In addition How to change user and pass. would be helpful too.

There is no .htaccess in /wp-admin/ either. I spent a half-hour looking around with an ftp client. Found just about everything else!!

I emailed Tech support and received the standard "we don't handle....' response. Clearly they kindly and graciously did handle the WP/Ubuntu13 install!

Anyways, hope someone responds soon. Thank you.
Reply Report
kamaln7 February 23, 2014
I think it's in /etc/apache2/apache2.conf
Reply Report
annak March 9, 2014
What if we have users needing to login - to post e.g.?

What was the idea to circumvent them having to bypass the folder security?
Reply Report
annak March 10, 2014
What happens if I delete /etc/apache2/apache2.conf? Does the DO WP/Ubuntu install then become a 'standard' Apache/WP install?

Or, what lines do I need to comment out for a 'standard' wproot\.htaccess to run the show?

All I want is for my WP/Ubuntu site to take directives from the /wp root/.htaccess. I am wasting so much time with DO's http auth..

Reply Report
boiteanuages March 23, 2014
hello
I have the same problem ! login window displays on any page, every times for unloved users…
is someone found an issue about this ?
Reply Report
n.muenzner March 24, 2014
Kamal, what do we have to change in apache2.conf?
Reply Report
kamaln7 March 24, 2014
@n.muenzner: Can you pastebin apache2.conf's contents? I haven't actually spun up a Wordpress droplet after the image was updated but it should be something like this: 
<Location -

AuthType Basic

...

</Location>


Comment out the whole block by adding "#" to the beginning of each line and then restart Apache. Does that work?
Reply Report
fabvon March 28, 2014
I think that we have to remove this code from the file:


AuthType Basic
AuthName "Please login to your droplet via SSH for login details."
AuthUserFile /etc/apache2/.htpasswd
Require valid-user



I did it via WINSCP (sftp) and I had to reboot the droplet (sudo reboot).

I was so happy it worked, because I know nothing about Linux and stuff.
Reply Report
michael668861 May 18, 2014
1. sudo nano /etc/apache2/apache2.conf
2. Hit ctrl-w and search for 'wp-admin'
3. Remove these lines

AuthType Basic
AuthName "Please login to your droplet via SSH for login details."
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

4. Hit ctrl-o to write the changes to the file
5. Hit ctrl-x to exit, and then hit 'y' to save the changes.
6. service apache2 restart to restart your server and the folder should now be accessible.
Reply Report
Previous 1 2 Next
Load More Answers

Looking for something else?

Ask a new question Search for more help